SME 5.1.2 for Alpha Security Advisory
I assume that all users of SME 5.1.2 for Alpha are aware of the apache 'chunk handling' vulnerability. The advisory on this issue from the Apache Software Foundation can be found here:
http://httpd.apache.org/info/security_bulletin_20020620.txtPlease note that this advisory supersedes an older advisory from the Apache Software Foundation, which can be found here:
http://httpd.apache.org/info/security_bulletin_20020617.txtPlease note also that most of the distributions' security advisories (including RedHat's) are based on the older, less serious security advisory.
Updated binary (for Alpha) and source RPMS are available linked from the SME-Alpha-HOWTO at
http://www.robert2.dds.nl/howtos/alpha-howto.htmlThe RPM was made by patching SME's apache-1.3.22-3.7.1es with the 'chunky' patch from RedHat's apache-1.3.22-5.7.1. Using this version of apache (with a security patch backported from 1.3.26 to 1.3.22) should eliminate the need to update apache modules.
These updates may be superseded in the next couple of days, but I thought I might as well release an unofficial update now for our unofficial Alpha port.
Robert van den Aker
1 Replies
342 Views